Edit

Share via


Pkcs12KeyBag(ReadOnlyMemory<Byte>, Boolean) Constructor

Definition

Initializes a new instance of the Pkcs12KeyBag from an existing encoded PKCS#8 PrivateKeyInfo value.

public Pkcs12KeyBag (ReadOnlyMemory<byte> pkcs8PrivateKey, bool skipCopy = false);
new System.Security.Cryptography.Pkcs.Pkcs12KeyBag : ReadOnlyMemory<byte> * bool -> System.Security.Cryptography.Pkcs.Pkcs12KeyBag
Public Sub New (pkcs8PrivateKey As ReadOnlyMemory(Of Byte), Optional skipCopy As Boolean = false)

Parameters

pkcs8PrivateKey
ReadOnlyMemory<Byte>

A BER-encoded PKCS#8 PrivateKeyInfo value.

skipCopy
Boolean

true to store pkcs8PrivateKey without making a defensive copy; otherwise, false. The default is false.

Exceptions

The pkcs8privateKey parameter does not represent a single ASN.1 BER-encoded value.

Remarks

This method validates that pkcs8PrivateKey is a single BER-encoded value, but it does not verify that the value is a proper PKCS#8 PrivateKeyInfo value.

Transporting private keys in a KeyBag is permitted by the PKCS#12 standard, but not all PFX readers support pairing certificates with keys from a KeyBag. For best support, transport keys in a ShroudedKeyBag (Pkcs12ShroudedKeyBag).

The default behavior of this method is to make a defensive copy of pkcs8PrivateKey. When the skipCopy parameter is true, this defensive copy is skipped. If the defensive copy is skipped and the contents of pkcs8PrivateKey change during the lifetime of the returned value or of any object produced by its methods or properties, then methods and properties on those objects may produce nonsense results or throw exceptions due to the corrupted state. Callers are therefore advised to only use a true value for the skipCopy parameter when they can be reasonably assured that the data will stay intact.

Applies to

See also